Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/1455d2-724a-439e-96ed-9876aebbd2c9/1/qBH3YGMaFK7YFVrKhQ5pFdeSVI0.roa
File:                     qBH3YGMaFK7YFVrKhQ5pFdeSVI0.roa (raw, json)
Hash identifier:          0gWn80uN/F/B7m+caBdi8E0X9ChrpKW2B3Hw8j3IN30=
Subject key identifier:   A8:11:F7:60:63:1A:14:AE:D8:15:5A:CA:85:0E:69:15:D7:92:54:8D
Certificate issuer:       /CN=e6636ab81a343a9ffd8257eacb1ddec538966804
Certificate serial:       0194228D82673843CC96E3EBF6D522DAEC69
Authority key identifier: E6:63:6A:B8:1A:34:3A:9F:FD:82:57:EA:CB:1D:DE:C5:38:96:68:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5mNquBo0Op_9glfqyx3exTiWaAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/1455d2-724a-439e-96ed-9876aebbd2c9/1/qBH3YGMaFK7YFVrKhQ5pFdeSVI0.roa
Signing time:             Wed 01 Jan 2025 15:48:06 +0000
ROA not before:           Wed 01 Jan 2025 15:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26506
IP address blocks:        78.89.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/1455d2-724a-439e-96ed-9876aebbd2c9/1/5mNquBo0Op_9glfqyx3exTiWaAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/1455d2-724a-439e-96ed-9876aebbd2c9/1/5mNquBo0Op_9glfqyx3exTiWaAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5mNquBo0Op_9glfqyx3exTiWaAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:82:67:38:43:cc:96:e3:eb:f6:d5:22:da:ec:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6636ab81a343a9ffd8257eacb1ddec538966804
        Validity
            Not Before: Jan  1 15:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a811f760631a14aed8155aca850e6915d792548d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:12:55:00:7d:64:bb:6f:6b:64:6f:50:00:0a:
                    07:8b:95:ac:17:d2:a2:9e:bd:15:96:d9:f6:9f:5b:
                    ce:5c:6c:22:87:2c:0c:a5:cc:1d:8d:d1:fe:1c:c8:
                    43:b7:e2:8b:fd:7d:3c:7d:72:34:53:a5:b7:82:23:
                    8c:df:34:a6:50:35:97:bc:de:c9:5d:6e:73:93:c3:
                    da:05:8d:64:27:05:38:55:d2:63:71:11:ae:59:dc:
                    9b:0d:04:31:59:71:e1:ba:1d:ab:d6:3d:13:30:69:
                    1b:63:7e:63:fd:93:cf:51:04:c0:6d:29:b7:31:4d:
                    28:c8:43:51:ec:10:2b:95:b7:66:6b:20:a1:5c:f9:
                    5d:ce:f7:cc:7f:cf:f7:b9:1e:85:b1:93:ef:62:bf:
                    f6:6a:c2:6d:74:8c:f8:6e:99:9c:90:98:ab:b9:1f:
                    24:ae:06:6b:f2:e4:07:c8:16:d0:8f:fc:f8:5b:13:
                    1f:77:54:ad:58:ca:c7:f0:8d:39:9d:22:f8:ea:b4:
                    16:7b:a2:58:94:d5:8f:ce:65:cf:16:8d:b2:e7:d0:
                    57:b4:d3:7c:df:be:0d:24:17:e4:21:cd:3c:af:18:
                    98:26:f8:71:fb:d3:3a:34:46:4b:cb:9c:f4:53:59:
                    a6:fe:e0:16:c5:30:a1:bf:c3:92:a3:69:05:6c:15:
                    5b:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:11:F7:60:63:1A:14:AE:D8:15:5A:CA:85:0E:69:15:D7:92:54:8D
            X509v3 Authority Key Identifier:
                keyid:E6:63:6A:B8:1A:34:3A:9F:FD:82:57:EA:CB:1D:DE:C5:38:96:68:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5mNquBo0Op_9glfqyx3exTiWaAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/1455d2-724a-439e-96ed-9876aebbd2c9/1/qBH3YGMaFK7YFVrKhQ5pFdeSVI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/1455d2-724a-439e-96ed-9876aebbd2c9/1/5mNquBo0Op_9glfqyx3exTiWaAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.89.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:b0:57:6c:be:4a:03:4a:7e:98:83:12:ce:5a:b9:d1:65:9c:
         62:22:0a:68:f3:99:5a:3c:14:6e:14:81:2b:aa:c8:e3:de:32:
         d0:1a:5c:9a:7d:16:0c:f3:2c:c5:e2:e2:1e:cf:8b:30:6d:84:
         c9:22:a9:22:37:c9:7f:f3:29:11:d9:92:76:3a:09:1e:0b:42:
         83:9a:ee:2a:3b:8a:45:62:80:4a:9f:73:dd:d1:9f:e6:7b:b5:
         75:c8:77:1a:88:d2:b2:08:16:9f:30:e4:cd:f0:0c:bc:8d:f6:
         b2:dc:40:5c:2e:14:59:e9:3c:61:c6:bc:94:0c:a4:91:a3:c4:
         d3:cd:08:fe:44:f8:ad:a4:97:87:a4:62:ca:8e:6f:1a:0e:c7:
         20:2d:a1:2d:5b:bb:e9:07:b2:62:3f:0b:d1:ce:69:0b:5d:f1:
         b4:f7:27:ee:b7:d8:50:60:8c:c0:12:d5:8e:e9:4e:de:b5:f3:
         ef:60:17:46:eb:12:fd:ac:0a:37:0f:26:d2:76:45:68:1e:4b:
         fc:df:ca:d4:95:37:f0:3c:ec:57:9e:06:c7:f9:89:bf:25:4c:
         20:99:51:de:52:8d:bb:23:4c:82:01:35:65:fe:d1:c7:05:23:
         4e:bc:40:80:5a:ba:ba:08:25:70:01:10:61:3b:69:cb:90:f8:
         d8:c7:0d:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijYJnOEPMluPr9tUi2uxpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2NjM2YWI4MWEzNDNhOWZmZDgyNTdlYWNiMWRkZWM1Mzg5
NjY4MDQwHhcNMjUwMTAxMTU0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODExZjc2MDYzMWExNGFlZDgxNTVhY2E4NTBlNjkxNWQ3OTI1NDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1BJVAH1ku29rZG9QAAoHi5WsF9Ki
nr0Vltn2n1vOXGwihywMpcwdjdH+HMhDt+KL/X08fXI0U6W3giOM3zSmUDWXvN7J
XW5zk8PaBY1kJwU4VdJjcRGuWdybDQQxWXHhuh2r1j0TMGkbY35j/ZPPUQTAbSm3
MU0oyENR7BArlbdmayChXPldzvfMf8/3uR6FsZPvYr/2asJtdIz4bpmckJiruR8k
rgZr8uQHyBbQj/z4WxMfd1StWMrH8I05nSL46rQWe6JYlNWPzmXPFo2y59BXtNN8
374NJBfkIc08rxiYJvhx+9M6NEZLy5z0U1mm/uAWxTChv8OSo2kFbBVbnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKgR92BjGhSu2BVayoUOaRXXklSNMB8GA1UdIwQY
MBaAFOZjargaNDqf/YJX6ssd3sU4lmgEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNW1OcXVCbzBPcF85Z2xmcXl4M2V4VGlXYUFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC8xNDU1ZDItNzI0YS00MzllLTk2ZWQt
OTg3NmFlYmJkMmM5LzEvcUJIM1lHTWFGSzdZRlZyS2hRNXBGZGVTVkkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC8xNDU1ZDItNzI0YS00MzllLTk2ZWQtOTg3NmFlYmJkMmM5
LzEvNW1OcXVCbzBPcF85Z2xmcXl4M2V4VGlXYUFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATlmUMA0G
CSqGSIb3DQEBCwUAA4IBAQCpsFdsvkoDSn6YgxLOWrnRZZxiIgpo85laPBRuFIEr
qsjj3jLQGlyafRYM8yzF4uIez4swbYTJIqkiN8l/8ykR2ZJ2OgkeC0KDmu4qO4pF
YoBKn3Pd0Z/me7V1yHcaiNKyCBafMOTN8Ay8jfay3EBcLhRZ6TxhxryUDKSRo8TT
zQj+RPitpJeHpGLKjm8aDscgLaEtW7vpB7JiPwvRzmkLXfG09yfut9hQYIzAEtWO
6U7etfPvYBdG6xL9rAo3DybSdkVoHkv838rUlTfwPOxXngbH+Ym/JUwgmVHeUo27
I0yCATVl/tHHBSNOvECAWrq6CCVwARBhO2nLkPjYxw0G
-----END CERTIFICATE-----